Last updated: May 2020
We/ Our are The Conscious Professional Limited whose registered office is 40 Northstand Apartments, Highbury Stadium Square, London, N5 1FJ, UK and operates htttp://www.theconsciousprofessional.com (the “Site“).
This Policy describes the type of information that we may collect, the purposes for which we use the information and how we may share that information. We appreciate your trust in us as you use our website.
You may call us on: +44 207 193 0548 or email us at email@example.com with any queries about this Policy at any time.
We are the controller of any personal information gathered by your use of our website and services. Our website is a general audience website, intended for users of all ages. Where we use third parties to process your data, these parties are known as processors of your personal data. We have a contract with these third parties for the provision of these services.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
THE PURPOSE OF THIS POLICY
This Policy is designed to help you understand what kind of information we collect in connection with our services and how we will process and use this information. In the course of providing you with our services we will collect and process information that is commonly known as Personal Data.
This Policy describes how we collect, use, share, retain and safeguard Personal Data.
This Policy sets out your individual rights; we explain these later in the Policy but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
This Policy applies when you may share personal data in contact with us via our website, online forms, email, social media accounts, the telephone, when writing to us directly or where we provide you with paper based forms for completion or we complete a form in conjunction with you.
WHAT IS PERSONAL DATA?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
Personal data may contain information which is known as special categories of personal data, called ‘Sensitive Personal Data’. This may be information relating to and not limited to, an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation.
We are legally required to comply with specific data processing requirements for Personal Data.
WHAT PERSONAL DATA IS COLLECTED BY US?
In order for us to provide and administer our website and services for our clients, we will collect and process personal data about you. We will also collect your personal data where you request information about our services, customer events, promotions and campaigns.
As a provider of wellbeing services, we will process the following categories of data:
- Contact at company’s contact details, name and workplace title.
- For individual’s attending our services where they explicitly consent to such information being provided to us we may store your name, email, city location, image (still and moving) of your face, body and likeness and voice.
If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.
We may record all online live interactive and webinar sessions that may capture your physical likeness moving or still, and/ or voice during the video recording. You can turn your microphone and/ or video camera off if you do not wish to be captured.
We may record your communications with us when contacting our professionals and management team.
We may collect information about your visits to us to help us personalise your experience with us. By providing this information to us you are consenting our use in the manner set out in this policy.
We do not knowingly accept information or attendance of anyone under the age of 18 years old.
WHY DO WE NEED YOUR PERSONAL DATA?
We use this information for the performance of our contract with you, to quote for and provide you with wellbeing services, to respond to any requests from you about the services we provide, to facilitate our business administration, administration of your membership, bookings of sessions, retreats and appointments with us and other transactions. We may use this information to notify you of service changes, process payments and maintain account records.
If you contact us for a quote or request details on the services we provide, we consider ourselves as having a legitimate business interest to provide you with further information about our products and services. You may request to be withdrawn from all such marketing activities at any time.
We will also use your personal data to manage your account, perform statistical analysis on the data we collect, for business forecasting purposes and to develop new and market existing products and services.
We may promote our services to you using the information you provide to us, including email or text. If you wish to receive promotional offers please select the opt in button or use one of our website forms to sign up to receive emails.
We use third party software to securely store your data all as set out below in ‘Third Party Services’ to perform specific functions to support our services. Third party service providers have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process the personal information as permitted by the UK’s implementation of the General Data Protection Regulation 2017 (EU Data Protection Directive 2016/680 ). We do not sell or pass your personal information onto third parties.
Applications to work for The Conscious Professional are stored in the format submitted to us and retained for 2 years from receipt date.
You may request what data we have stored about you from firstname.lastname@example.org
In some situations we may request your consent to market our services to you, to share your data or to transfer your data outside the European Economic Area. Where we require consent, your rights and what you are consenting to will be clearly communicated to you. Where you provide consent, you can withdraw this at any time by contacting our Data Privacy Representative at email@example.com
SPECIFIC COLLECTION AND THIRD PARTIES
Information that you provide via a third party service is at your discretion and will be stored by that third party to provide the function required in our service. Below details the functions that we use these third parties in our business.
While using our Site, we may ask you to provide us with certain personally identifiable information that might be collected through our website provider WordPress and host Siteground. This includes collection of your unique online electronic identifier; this is commonly known as an IP address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics. We may use Google Analytics to give us an idea of where our website traffic data comes from and how people use our website. Details on Google Analytics can be found here.
Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive. Cookies are used to identify visitors and to simplify accessibility, and to monitor visitor behaviour when viewing website content, navigating our website and when using features.
Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
If you contact us via our website, you may provide us with personal data when completing online health or contact forms. We use drip for our mailing list. Both of these services store the data that you submit for our records of client management only.
EMAILS, BOOKINGS & SERVICES
We use Microsoft Exchange for our emails and your email address will then be stored in our Microsoft Exchange account. Your appointment(s) are stored in our iCloud Calendar that is kept private or invitations only sent to our clients. We enter your name, email and venue of the appointment to confirm the booking.
To deliver our services to you, we use Asana to manage the administration of clients, Dropbox and WeTransfer to send files. These processors only use your email address and we do not keep further records in these services.
Live online classes may be recorded both as audio alone and audiovisual files by our delivery provider Zoom. Recordings may be stored in Zoom or our digital storage facilities which are encrypted with a password. Booking via Zoom requires your name, email, job and city to register for online sessions and then captures, and stores your image, likeness and voice in the recordings in the Zoom cloud servers.
We store our notes and documents for services provided to our clients in paper format only for up to 7 years from the last appointment. This is a legal requirement by our insurer Balens.
We may provide our recordings to third party organisations to make available our videos and audio recordings for streaming on-demand or downloads by others whether paid for or free. Your personal data captured in any recording(s) will be included in such a transfer but with no further personal data. Please contact us at firstname.lastname@example.org if you wish any of your personal data to be amended or removed in such recordings or turn off your camera and microphone in the live online sessions.
If you wish to pay using an online transaction such as a credit card we use Stripe, Xero and Paypal. These third party payment providers are PCI compliant to ensure your financial data is secure and we can never access your full payment details. Only information that you submit during payment such as an email address is stored for us to match to our invoice records using Xero (our accounting software).
We may ask you to complete surveys about our services. You do not have to participate, and you can choose to complete your name and email address or leave it anonymised.
We may take photographs or videos of events for marketing. Any use of such photographs and/ or videos do not identify your face and you may contact us at any time to remove such photographs or edit such videos.
We may email you from drip with promotions and offers once a month or more frequently. You can unsubscribe from this at any time from within one of these emails or contacting us at email@example.com
If you follow us on any social media platforms, your privacy settings in your social media account control what you share with others. Please be aware that our settings are to ‘Public’ where you leave reviews, comments and we will tag you where appropriate. Where appropriate, on our retreats and during our services we may take photographs and/ or videos of you and may be used on social media and marketing of our services. Please contact us at any time should you wish to change or amend any posts on social media by us.
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
If you require more information about how we collect personal data and with whom we share data with, please contact Neil our Data Privacy Representative by e-mailing firstname.lastname@example.org
With your consent, other than as set out above, you will receive notice when your information may be sent to third parties and you will have an opportunity not to share the information. For example, when you book a retreat with us we may share some of your information with the retreat venue for them to fulfil their obligations in providing a service to you. This notice does not apply to recordings shared for commercial, marketing or advertising purposes of our services that may be captured during the live webinars or classes.
If you have received Services with us we will store your data for 7 years from your last appointment with us, as required by our insurers (Balens) for any potential claims. You may have access to this information stored, but this falls under the circumstances where your Right to Request Erasure may be denied: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/
We may store videos and audio files for longer where relevant for business development, marketing and advertising of our services.
THIRD PARTY LINKS
You have legal rights about your personal data. You grant use of your data under the contract and terms herein through your active conduct and use of our services. At any time, you have the right to know what personal data relates to you that is held by us, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. You can also request the deletion of their personal data. This includes where you change your mind about any video or audio recording that includes your personal data. Please contact us at email@example.com if you wish to have your personal data removed from any recordings.
You may request the following at any time about your data held by us with regards to the services that we provide:
- The right to be informed about the personal data being processed;
- The right to rectification of your personal data
- The right to erasure of your personal data
- The right to restrict processing of your personal data
- The right to data portability (to receive an electronic copy of your personal data)
- The right to object to the processing of your personal data
- The right to access your personal data
In accordance with the General Data Protection Regulations, you may request a copy of all data that we store about you for a £10 administration fee at firstname.lastname@example.org Repeated, unfounded or excessive requests may be challenged by us.
There are some limited circumstances that may limit the information that we can provide to you in a request, for example, public interest, law enforcement, legal and or health related matters.
Please also bear in mind that we rely on third parties for some of your information in the flow of data. It may take us the full calendar month permitted to provide a full response to your request.
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact email@example.com
DATA PRIVACY REPRESENTATIVE
To ensure data privacy and protection has appropriate focus within our organisation we have a Data Privacy Officer who is a director of The Conscious Professional. The Data Privacy Officer is Neil, who may be contacted at: firstname.lastname@example.org
If you are dissatisfied with any aspect of the way in which we process your personal data, please contact our Data Privacy Officer. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
REVISIONS AND QUERIES
You may email us at email@example.com
You may post to us at: 40 Northstand Apartments, Highbury Stadium Square, London, N5 1FJ, UK
Version: May 2020